maximum 1 year validity for digicert
This commit is contained in:
parent
bde2829e72
commit
d7ca1570be
|
@ -61,18 +61,16 @@ def signature_hash(signing_algorithm):
|
|||
|
||||
|
||||
def determine_validity_years(years):
|
||||
"""Given an end date determine how many years into the future that date is.
|
||||
:param years:
|
||||
:return: validity in years
|
||||
"""
|
||||
default_years = current_app.config.get("DIGICERT_DEFAULT_VALIDITY", 1)
|
||||
max_years = current_app.config.get("DIGICERT_MAX_VALIDITY", default_years)
|
||||
Considering maximum allowed certificate validity period of 398 days, this method should not return
|
||||
more than 1 year of validity. Thus changing it to return 1.
|
||||
Lemur will change this method in future to handle validity in months (determine_validity_months)
|
||||
instead of years. This will allow flexibility to handle short-lived certificates.
|
||||
|
||||
if years > max_years:
|
||||
return max_years
|
||||
if years not in [1, 2, 3]:
|
||||
return default_years
|
||||
return years
|
||||
:param years:
|
||||
:return: 1
|
||||
"""
|
||||
return 1
|
||||
|
||||
|
||||
def determine_end_date(end_date):
|
||||
|
|
|
@ -14,8 +14,6 @@ def config_mock(*args):
|
|||
"DIGICERT_ORG_ID": 111111,
|
||||
"DIGICERT_PRIVATE": False,
|
||||
"DIGICERT_DEFAULT_SIGNING_ALGORITHM": "sha256",
|
||||
"DIGICERT_DEFAULT_VALIDITY": 1,
|
||||
"DIGICERT_MAX_VALIDITY": 2,
|
||||
"DIGICERT_CIS_PROFILE_NAMES": {"digicert": 'digicert'},
|
||||
"DIGICERT_CIS_SIGNING_ALGORITHMS": {"digicert": 'digicert'},
|
||||
}
|
||||
|
@ -24,10 +22,9 @@ def config_mock(*args):
|
|||
|
||||
@patch("lemur.plugins.lemur_digicert.plugin.current_app")
|
||||
def test_determine_validity_years(mock_current_app):
|
||||
mock_current_app.config.get = Mock(return_value=2)
|
||||
assert plugin.determine_validity_years(1) == 1
|
||||
assert plugin.determine_validity_years(0) == 2
|
||||
assert plugin.determine_validity_years(3) == 2
|
||||
assert plugin.determine_validity_years(0) == 1
|
||||
assert plugin.determine_validity_years(3) == 1
|
||||
|
||||
|
||||
@patch("lemur.plugins.lemur_digicert.plugin.current_app")
|
||||
|
@ -52,7 +49,7 @@ def test_map_fields_with_validity_years(mock_current_app):
|
|||
"owner": "bob@example.com",
|
||||
"description": "test certificate",
|
||||
"extensions": {"sub_alt_names": {"names": [x509.DNSName(x) for x in names]}},
|
||||
"validity_years": 2
|
||||
"validity_years": 1
|
||||
}
|
||||
expected = {
|
||||
"certificate": {
|
||||
|
@ -62,7 +59,7 @@ def test_map_fields_with_validity_years(mock_current_app):
|
|||
"signature_hash": "sha256",
|
||||
},
|
||||
"organization": {"id": 111111},
|
||||
"validity_years": 2,
|
||||
"validity_years": 1,
|
||||
}
|
||||
assert expected == plugin.map_fields(options, CSR_STR)
|
||||
|
||||
|
|
Loading…
Reference in New Issue